On 15 September 2017, the Italian Data Protection Authority (“Garante”) clarified that companies and public entities shall appoint the DPO on the basis of verified competencies and specific experiences.
Legal tips for the cloud
Being aware of the legal aspects of cloud computing can help its adoption. Cloud computing can offer a more efficient option for services like data storage and email, with end users having their data stored in a remote location by a third-party cloud provider. This model is often much cheaper than investing in servers and software, but it does come with risks. Users need to be sure the contract they sign really meets their needs and gives precise information regarding ownership, access, privacy and security, governing law, allocation of the risk and what happens if the cloud provider goes out of business.
CloudWATCH is publishing a series of informative tips for potential adopters of the cloud, indicating the right places to look for accurate and trustworthy information on this issue.
Whilst preparing for Brexit, on 14 September 2017 the UK government announced the publication of the Data Protection Bill (“Bill”) that replaces the current Data Protection Act 1998.
On 13 September 2017, the UK’s supervisory authority, the Information Commissioner’s Office (“ICO”), published draft guidance (the “Guidance”) on contracts between controllers and processors under Article 28 GDPR.
On 8 September 2017, the Council of the European Union (hereinafter, “the Council”) reviewed the draft of the new e-Privacy Regulation (“EPR”), previously published by the European Commission on 10 January 2017, which allows the use of first-party and third-party analytic cookies without the express consent of the end-user.
On September 5th, 2017, the Grand Chamber of the European Court of Human Rights (hereinafter, “GC ECHR” or “the Court”) declared that employees must be aware in advance of the monitoring of their corporate email account.
Focus: International Data Transfer - The paper addresses MPs in the process of assessing Bill no. 5276/2016; multinationals and SMEs willing to transfer personal data from Brazil to the EU and vice versa; and data subjects seeking adequate safeguards on how and where their personal data is processed. The paper aims to highlight how international data transfer as defined in Bill no. 5276 might be further aligned with the GDPR and, more generally, with the EU data protection principles.
The Belgian Data Protection Authority issued Recommendation No. 06/2017 on 14 June 2017 with the aim of providing guidelines to data controllers and data processors in relation to their obligation to establish and maintain internal records of data processing activities by May 25, 2018.
On 8 June 2017, the Article 29 Data Protection Working Party (“A29WP”) adopted Opinion 2/2017 on personal data processing at work. Building on and complementing previous guidelines (namely Opinion 8/2001 and the 2002 Working Document on the surveillance of electronic communications in the workplace), the Opinion makes a new assessment of the balance between the legitimate interests of employers and the privacy expectations of employees, in view of recent technological progress enabling increasingly invasive processing of employees’ personal data.
On 28 April the Italian Data Protection Authority (“Garante”) issued its first guidance on the new provisions of the General Data Protection Regulation (“GDPR”), consisting of a schematic overview of the changes in the current legal framework and recommendations on how to face them. The following paragraphs summarise the Garante’s practical advice on each aspect.
The Article 29 Working Party (“A29WP”) has recently published its guidelines on Data Protection Impact Assessment (“DPIA”) introduced by art. 35 of EU Regulation 2016/679 (“GDPR”).